Lucene search
+L

246 matches found

nvd
nvd
added 3 days ago6 views

CVE-2026-15620

A security vulnerability has been detected in mosaxiv clawlet up to 0.2.10. This affects the function tools.webFetch of the file tools/toolwebfetch.go. Such manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed publicly and may be...

6.5CVSS0.00228EPSS
Exploits0References6
nvd
nvd
added 3 days ago6 views

CVE-2026-15619

A weakness has been identified in mosaxiv clawlet up to 0.2.10. The impacted element is the function webfetch of the file tools/toolwebfetch.go of the component IPv4 Handler. This manipulation of the argument url causes server-side request forgery. The attack can be initiated remotely. The exploi...

7.5CVSS0.00252EPSS
Exploits0References6
euvd
euvd
added 3 days ago7 views

EUVD-2026-43582

A security vulnerability has been detected in mosaxiv clawlet up to 0.2.10. This affects the function tools.webFetch of the file tools/toolwebfetch.go. Such manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed publicly and may be...

6.5CVSS6.2AI score0.00228EPSS
Exploits0References6
cvelist
cvelist
added 3 days ago27 views

CVE-2026-15620 mosaxiv clawlet tool_web_fetch.go tools.webFetch server-side request forgery

A security vulnerability has been detected in mosaxiv clawlet up to 0.2.10. This affects the function tools.webFetch of the file tools/toolwebfetch.go. Such manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed publicly and may be...

6.5CVSS0.00228EPSS
Exploits0References6
osv
osv
added 3 days ago3 views

CVE-2026-15620 mosaxiv clawlet tool_web_fetch.go tools.webFetch server-side request forgery

A security vulnerability has been detected in mosaxiv clawlet up to 0.2.10. This affects the function tools.webFetch of the file tools/toolwebfetch.go. Such manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed publicly and may be...

5.3CVSS6.2AI score0.00228EPSS
Exploits0References8
cve
cve
added 3 days ago8 views

CVE-2026-15619

CVE-2026-15619 affects mosaxiv clawlet prior to 0.2.10. The vulnerable element is the web_fetch function in tools/tool_web_fetch.go of the IPv4 Handler. The issue arises from manipulating the url argument, enabling server-side request forgery (SSRF). The attack can be initiated remotely, and an e...

7.5CVSS6.4AI score0.00252EPSS
Exploits0References6
osv
osv
added 3 days ago3 views

CVE-2026-15619 mosaxiv clawlet IPv4 tool_web_fetch.go web_fetch server-side request forgery

A weakness has been identified in mosaxiv clawlet up to 0.2.10. The impacted element is the function webfetch of the file tools/toolwebfetch.go of the component IPv4 Handler. This manipulation of the argument url causes server-side request forgery. The attack can be initiated remotely. The exploi...

5.3CVSS6.4AI score0.00252EPSS
Exploits0References8
cvelist
cvelist
added 3 days ago35 views

CVE-2026-15619 mosaxiv clawlet IPv4 tool_web_fetch.go web_fetch server-side request forgery

A weakness has been identified in mosaxiv clawlet up to 0.2.10. The impacted element is the function webfetch of the file tools/toolwebfetch.go of the component IPv4 Handler. This manipulation of the argument url causes server-side request forgery. The attack can be initiated remotely. The exploi...

7.5CVSS0.00252EPSS
Exploits0References6
metasploit
metasploit
added last week17 views

HTTPS Fetch, Linux dup2 Command Shell, Bind TCP Stager

Fetch and execute an RISC-V 64-bit payload from an HTTPS server. dup2 socket in s1, then execve. Listen for a connection Module Options This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule include...

6.2AI score
Exploits0
metasploit
metasploit
added last week17 views

HTTP Fetch, Linux dup2 Command Shell, Bind TCP Stager

Fetch and execute an RISC-V 64-bit payload from an HTTP server. dup2 socket in s1, then execve. Listen for a connection Module Options This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule include...

6.2AI score
Exploits0
metasploit
metasploit
added last week18 views

HTTP Fetch, Linux dup2 Command Shell, Reverse TCP Stager

Fetch and execute an RISC-V 64-bit payload from an HTTP server. dup2 socket in s1, then execve. Connect back to the attacker Module Options...

6.2AI score
Exploits0
nvd
nvd
added 2026/07/10 12:16 a.m.5 views

CVE-2026-15317

A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. Affected by this vulnerability is the function WebFetchTool.Execute of the file pkg/tools/integration/web.go of the component Guarded Web Fetch Flow. The manipulation results in server-side request forgery. The attack can be...

7.5CVSS0.00247EPSS
Exploits0References6
cve
cve
added 2026/07/10 12:0 a.m.12 views

CVE-2026-15317

Sipeed PicoClaw

7.5CVSS6.2AI score0.00247EPSS
Exploits0References6
cvelist
cvelist
added 2026/07/10 12:0 a.m.43 views

CVE-2026-15317 Sipeed PicoClaw Guarded Web Fetch Flow web.go WebFetchTool.Execute server-side request forgery

A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. Affected by this vulnerability is the function WebFetchTool.Execute of the file pkg/tools/integration/web.go of the component Guarded Web Fetch Flow. The manipulation results in server-side request forgery. The attack can be...

7.5CVSS0.00247EPSS
Exploits0References6
euvd
euvd
added 2026/07/10 12:0 a.m.10 views

EUVD-2026-42757

A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. Affected by this vulnerability is the function WebFetchTool.Execute of the file pkg/tools/integration/web.go of the component Guarded Web Fetch Flow. The manipulation results in server-side request forgery. The attack can be...

7.5CVSS6.2AI score0.00247EPSS
Exploits0References6
osv
osv
added 2026/07/10 12:0 a.m.3 views

CVE-2026-15317 Sipeed PicoClaw Guarded Web Fetch Flow web.go WebFetchTool.Execute server-side request forgery

A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. Affected by this vulnerability is the function WebFetchTool.Execute of the file pkg/tools/integration/web.go of the component Guarded Web Fetch Flow. The manipulation results in server-side request forgery. The attack can be...

5.3CVSS6.3AI score0.00247EPSS
Exploits0References8
euvd
euvd
added 2026/07/09 5:0 p.m.7 views

EUVD-2026-42633

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, WEBFETCHFILTERLIST matching compared configured host entries against URL strings and non-label-boundary suffixes, allowing path-based blocklist bypasses such as !internal.example.com in a URL pa...

4.3CVSS6AI score0.00223EPSS
Exploits0References4
cve
cve
added 2026/07/09 5:0 p.m.12 views

CVE-2026-59223

Open WebUI vulnerability CVE-2026-59223 affects the WEB_FETCH_FILTER_LIST logic prior to 0.10.0, allowing path-based blocklist bypasses (e.g., !internal.example.com in a URL path) and misalignment with hostname policy for sibling-domain matches. The issue is fixed in version 0.10.0. Impact is a p...

4.3CVSS6AI score0.00223EPSS
Exploits0References4Affected Software1
ossf
ossf
added 2026/07/08 4:35 p.m.10 views

Malicious code in chai-redirection (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 38236fbbdbbaa8f8ed9315c3a4ff01fbf049215896036b1cb68611681fe0eb00 chai-redirection presents itself as a chai assertion plugin but its main entry index.js unconditionally spawns a detached Node child process running...

6.2AI score
Exploits0References4
nvd
nvd
added 2026/06/23 6:18 p.m.12 views

CVE-2026-54316

Claude Code is an agentic coding tool. From 0.2.54 until 2.1.163, because the hostname huggingface.co was pre-approved as a bare hostname for the WebFetch tool, any path on that domain—including attacker-controlled model repositories—was auto-approved without a permission prompt or being subject ...

9.1CVSS0.00403EPSS
Exploits0References1
Rows per page
Query Builder